b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25

Analysis

max time kernel
153s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
Size

165KB
MD5

3ae66d383d792bc05a28b96e3ac0eda3
SHA1

3f645c499cf343b19c89f68904bcfb7b4d74de9b
SHA256

b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25
SHA512

daaa2b0f7a4e5485583d4a4f9c585fb9c5adf39d904f9654228a589687ca9613e38496aead61b389c0b06c4f332fc058cadb5169b7f1291b94db134f331ff96e
SSDEEP

3072:kgO0Uq+4zf5bNWcbGnM8JoXtitrOm9da+VOugv7GYLOeGW/X:kxiDD5bNAnM1XwJOud/VjkSMSA

Score

10^/10

persistence upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe c:\\stealth.worm.exe"	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000022f5c-159.dat	acprotect
behavioral2/files/0x0007000000022f5c-158.dat	acprotect
behavioral2/files/0x0007000000022f5c-157.dat	acprotect

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	stealth.ddos.exe

Executes dropped EXE 8 IoCs

pid	Process
4892	stealth.dcom.exe
4952	stealth.ddos.exe
1816	stealth.injector.exe
1732	stealth.stat.exe
1820	stealth.spam1.exe
1868	stealth.spam2.exe
1780	stealth.wm.exe
216	stealth.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000022f5c-159.dat	upx
behavioral2/files/0x0007000000022f5c-158.dat	upx
behavioral2/files/0x0007000000022f5c-157.dat	upx
behavioral2/memory/1816-161-0x0000000005490000-0x000000000559C000-memory.dmp	upx

Loads dropped DLL 9 IoCs

pid	Process
4892	stealth.dcom.exe
4952	stealth.ddos.exe
1816	stealth.injector.exe
1732	stealth.stat.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1820	stealth.spam1.exe
1868	stealth.spam2.exe
1780	stealth.wm.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4636	4612	WerFault.exe	78
628	4612	WerFault.exe	78
1164	4612	WerFault.exe	78

Modifies registry class 1 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\stealth.stat.counted = "done"	stealth.stat.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe
1816	stealth.injector.exe
1816	stealth.injector.exe
1780	stealth.wm.exe
1780	stealth.wm.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4892	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	83
PID 4612 wrote to memory of 4892	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	83
PID 4612 wrote to memory of 4892	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	83
PID 4612 wrote to memory of 4952	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	84
PID 4612 wrote to memory of 4952	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	84
PID 4612 wrote to memory of 4952	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	84
PID 4612 wrote to memory of 1816	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	86
PID 4612 wrote to memory of 1816	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	86
PID 4612 wrote to memory of 1816	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	86
PID 4612 wrote to memory of 1732	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	87
PID 4612 wrote to memory of 1732	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	87
PID 4612 wrote to memory of 1732	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	87
PID 4612 wrote to memory of 1820	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	88
PID 4612 wrote to memory of 1820	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	88
PID 4612 wrote to memory of 1820	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	88
PID 4612 wrote to memory of 1868	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	89
PID 4612 wrote to memory of 1868	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	89
PID 4612 wrote to memory of 1868	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	89
PID 4612 wrote to memory of 1780	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	90
PID 4612 wrote to memory of 1780	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	90
PID 4612 wrote to memory of 1780	4612	b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe	90

C:\Users\Admin\AppData\Local\Temp\b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe
"C:\Users\Admin\AppData\Local\Temp\b8722ad343d5247c912dd527014bb8c979320ed5bdadf231e46df036a2739c25.exe"
1⤵
- Modifies WinLogon for persistence
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 448
  2⤵
  - Program crash
  PID:4636
- \??\c:\stealth.dcom.exe
  c:\stealth.dcom.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4892
- \??\c:\stealth.ddos.exe
  c:\stealth.ddos.exe
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 496
  2⤵
  - Program crash
  PID:628
- \??\c:\stealth.injector.exe
  c:\stealth.injector.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- \??\c:\stealth.stat.exe
  c:\stealth.stat.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1732
- \??\c:\stealth.spam1.exe
  c:\stealth.spam1.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1820
- \??\c:\stealth.spam2.exe
  c:\stealth.spam2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1868
- \??\c:\stealth.wm.exe
  c:\stealth.wm.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- \??\c:\stealth.exe
  c:\stealth.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 504
  2⤵
  - Program crash
  PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4612 -ip 4612
1⤵
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4612 -ip 4612
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4612 -ip 4612
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\stealth.bszip.dll

Filesize
31KB

MD5
c955c72c5d0772257c57a017270b4628

SHA1
175c4442b51fdc9efd63cec7c6fec7258af3c707

SHA256
ce3c94fd3f24162665394af6dfe7f26e382c396f20a619b735477c8a31c93002

SHA512
d60967a83e207d0fc778bbbb828f31a909fdf8e97699071a8673d6b23cd188e6e541e03cbc85a6ff4663280bef372bf43919ed8998be4b62a42db20a079a9d38

Download Submit
C:\stealth.bszip.dll

Filesize
31KB

MD5
c955c72c5d0772257c57a017270b4628

SHA1
175c4442b51fdc9efd63cec7c6fec7258af3c707

SHA256
ce3c94fd3f24162665394af6dfe7f26e382c396f20a619b735477c8a31c93002

SHA512
d60967a83e207d0fc778bbbb828f31a909fdf8e97699071a8673d6b23cd188e6e541e03cbc85a6ff4663280bef372bf43919ed8998be4b62a42db20a079a9d38

Download Submit
C:\stealth.dcom.exe

Filesize
4KB

MD5
f5c0b57549633160bf141d03dc3491df

SHA1
dd9983cbb00c9f5fb9df0690a7c9a51ffc00e959

SHA256
d33bbca82e6e52c2274e4ea6f9ad91aaaff476d64be90e35e011a66bacb6aed3

SHA512
f3f91c919640aaa3f78595d0bfbac6c41108cf364bfbc5fd020000af61b32cec15639d358145e73a9a1e76b9e82a67239c6285832df7ef885d53a608d64c854d

Download Submit
C:\stealth.ddos.exe

Filesize
4KB

MD5
a3bd281e3a3ed1837d4f4445526b20d9

SHA1
70fefc971846f0bc141e7981dd21aab5a755e320

SHA256
570175954fc5aba04f578abbabfe9dda683e482298484c51dab6c80f8e6cc58a

SHA512
9e6d96e94fbbbd2daca6a2eb2facd397294d7edaa817fac07ee28ee0bb5408fbdd56f2868e5133befdcb278ea7a0c946f0a7aba60d075def0d6505841b9239dd

Download Submit
C:\stealth.exe

Filesize
2KB

MD5
96a6bf00cb4a211e1bda8f3a2a852187

SHA1
9c3d1b521daf4270a4bbfd9cc71cfaace7c33ab8

SHA256
1657177cb281ff3a6ddad39df24e06b64f68214431958ae1a96dfe7beb8a8521

SHA512
3a97a16715d01c4691664a40a9caa8d20b5f5f8e18517567a397ba5dc36abd91e50c7b23f72ddfe374aa052e731a359a224e27215ffbf57050c856c577074ee3

Download Submit
C:\stealth.injector.exe

Filesize
6KB

MD5
23a21d0c1dd11772318e9dd8b9daebda

SHA1
ba076fd48984643b0bbab4b6d8eac63b4065f38c

SHA256
f36b8501d056b943d691b17399d21bd313689c9680a83138df74076492fd1b46

SHA512
0903e87b23d3ad88319a3bcf6c4f253d8be05a7a3ca71a59318ee4f116781828e36d2ac68037fbc2bdc21140a8c9a05dcc5a003808cce64c723cfb94818fc888

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
C:\stealth.spam1.exe

Filesize
3KB

MD5
9efb6b49318e9781eb02ed61c2cc5ec9

SHA1
792d539bd335fec1c8a6a463935e9f380d9d849d

SHA256
ed795bb5b8ff69c4804d22facee97949bdfc7918a8877afebdb5fd2fcf5042f9

SHA512
4f908dec5583be6171e74d08e54b8698d8ee09d2c3e5a0696039e13a6933d20c644db831497e06bb2111df3f3c7288ee12bb1c638d0c18f31a1efc5687bcd15f

Download Submit
C:\stealth.spam2.exe

Filesize
10KB

MD5
65c5254a64c570849238bcf4a113f5a5

SHA1
29be3837fd8c6600d5a2bb1467f8a67206886768

SHA256
5d764f5ee415bec1437453c5eb3d8a07703970652bfaa5284cebdc7d9fe66415

SHA512
f2d1930de839e1d0968b715af3a370cef06fcea5cd23adf2462b4c56ad567ad254accf0908393219f2a8d072e4f87106a31c1fcfa2fc62cbbb5ea17ce37f2cbd

Download Submit
C:\stealth.stat.exe

Filesize
1KB

MD5
693d1cd39a90e7b767f78e642615dc69

SHA1
d85fd774b3f45edabe9eeac30b58349fbe379c67

SHA256
c4e31e6230af05485b358da0e6220fcda858135a0904cba9817044f8992c3320

SHA512
09962bc96e77e71025a67564d2c68100a7353f5fcf038153062a0b15544ae8397d109c2debb79b962432867fb5bcff8e8a5eaffbe1838ff85bd06a211bf39f4a

Download Submit
C:\stealth.wm.exe

Filesize
2KB

MD5
105de707d47f965bb776745f340e5a9e

SHA1
faa07b5d8d5561ec187739062a28bb806b187e01

SHA256
f37e47e64816e2207ae3bccfe00cd9fa2948e4433682869ae0f6d80b3500f519

SHA512
a9775c9b37184cee8c13a629f495891ae7de19e613f93d853ec06b4b8e8ce96a849c25531e8a2745e3b75d681decdc4e08cfa03f1434c6e97d568c7c89e4d82f

Download Submit
\??\c:\stealth.bszip.dll

Filesize
31KB

MD5
c955c72c5d0772257c57a017270b4628

SHA1
175c4442b51fdc9efd63cec7c6fec7258af3c707

SHA256
ce3c94fd3f24162665394af6dfe7f26e382c396f20a619b735477c8a31c93002

SHA512
d60967a83e207d0fc778bbbb828f31a909fdf8e97699071a8673d6b23cd188e6e541e03cbc85a6ff4663280bef372bf43919ed8998be4b62a42db20a079a9d38

Download Submit
\??\c:\stealth.dcom.exe

Filesize
4KB

MD5
f5c0b57549633160bf141d03dc3491df

SHA1
dd9983cbb00c9f5fb9df0690a7c9a51ffc00e959

SHA256
d33bbca82e6e52c2274e4ea6f9ad91aaaff476d64be90e35e011a66bacb6aed3

SHA512
f3f91c919640aaa3f78595d0bfbac6c41108cf364bfbc5fd020000af61b32cec15639d358145e73a9a1e76b9e82a67239c6285832df7ef885d53a608d64c854d

Download Submit
\??\c:\stealth.ddos.exe

Filesize
4KB

MD5
a3bd281e3a3ed1837d4f4445526b20d9

SHA1
70fefc971846f0bc141e7981dd21aab5a755e320

SHA256
570175954fc5aba04f578abbabfe9dda683e482298484c51dab6c80f8e6cc58a

SHA512
9e6d96e94fbbbd2daca6a2eb2facd397294d7edaa817fac07ee28ee0bb5408fbdd56f2868e5133befdcb278ea7a0c946f0a7aba60d075def0d6505841b9239dd

Download Submit
\??\c:\stealth.injector.exe

Filesize
6KB

MD5
23a21d0c1dd11772318e9dd8b9daebda

SHA1
ba076fd48984643b0bbab4b6d8eac63b4065f38c

SHA256
f36b8501d056b943d691b17399d21bd313689c9680a83138df74076492fd1b46

SHA512
0903e87b23d3ad88319a3bcf6c4f253d8be05a7a3ca71a59318ee4f116781828e36d2ac68037fbc2bdc21140a8c9a05dcc5a003808cce64c723cfb94818fc888

Download Submit
\??\c:\stealth.shared.dll

Filesize
8KB

MD5
55b5e659d7239bb6b31786d180ce86ce

SHA1
6912a4e842487ff97f9a302df58521161804228c

SHA256
cd48db3ad88ab55a6cbbbd18d3595fe19b5bcd76a263d2dfc8eec298b66c42f2

SHA512
af3338dd465a612a50dd8e4ee741026e7aabd65ff975d0bbffbd05891133cc154998db694a1caf1b583b015f8332a032c9e9a26dd6ae2dc463cbdec067bc1743

Download Submit
\??\c:\stealth.spam1.exe

Filesize
3KB

MD5
9efb6b49318e9781eb02ed61c2cc5ec9

SHA1
792d539bd335fec1c8a6a463935e9f380d9d849d

SHA256
ed795bb5b8ff69c4804d22facee97949bdfc7918a8877afebdb5fd2fcf5042f9

SHA512
4f908dec5583be6171e74d08e54b8698d8ee09d2c3e5a0696039e13a6933d20c644db831497e06bb2111df3f3c7288ee12bb1c638d0c18f31a1efc5687bcd15f

Download Submit
\??\c:\stealth.spam2.exe

Filesize
10KB

MD5
65c5254a64c570849238bcf4a113f5a5

SHA1
29be3837fd8c6600d5a2bb1467f8a67206886768

SHA256
5d764f5ee415bec1437453c5eb3d8a07703970652bfaa5284cebdc7d9fe66415

SHA512
f2d1930de839e1d0968b715af3a370cef06fcea5cd23adf2462b4c56ad567ad254accf0908393219f2a8d072e4f87106a31c1fcfa2fc62cbbb5ea17ce37f2cbd

Download Submit
\??\c:\stealth.stat.exe

Filesize
1KB

MD5
693d1cd39a90e7b767f78e642615dc69

SHA1
d85fd774b3f45edabe9eeac30b58349fbe379c67

SHA256
c4e31e6230af05485b358da0e6220fcda858135a0904cba9817044f8992c3320

SHA512
09962bc96e77e71025a67564d2c68100a7353f5fcf038153062a0b15544ae8397d109c2debb79b962432867fb5bcff8e8a5eaffbe1838ff85bd06a211bf39f4a

Download Submit
\??\c:\stealth.wm.exe

Filesize
2KB

MD5
105de707d47f965bb776745f340e5a9e

SHA1
faa07b5d8d5561ec187739062a28bb806b187e01

SHA256
f37e47e64816e2207ae3bccfe00cd9fa2948e4433682869ae0f6d80b3500f519

SHA512
a9775c9b37184cee8c13a629f495891ae7de19e613f93d853ec06b4b8e8ce96a849c25531e8a2745e3b75d681decdc4e08cfa03f1434c6e97d568c7c89e4d82f

Download Submit
\??\c:\stealth.worm.exe

Filesize
85KB

MD5
b4aaf45f19300d4b22da2c33fff81beb

SHA1
653967cd2186fea0af00fd3ed524095c73d4dc3f

SHA256
27b7443c7983e1b81bbe97704400f0816949dde166bc9afe50f355b456dd6440

SHA512
3475f774f5bce0fa6be8da43eb0972e2be9bb4524291cca0e50503bd8633eb5d155995d30581186e26734102eb8a23378fab73fe6266cfd85de1b5cc5b19d519

Download Submit
memory/1732-156-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/1780-179-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/1816-155-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1816-161-0x0000000005490000-0x000000000559C000-memory.dmp

Filesize
1.0MB

Download
memory/1816-180-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1816-175-0x0000000010000000-0x0000000010004000-memory.dmp

Filesize
16KB

Download
memory/1820-176-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/1868-177-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/1868-178-0x0000000010000000-0x0000000010004000-memory.dmp

Filesize
16KB

Download
memory/4612-173-0x0000000001000000-0x000000000102D000-memory.dmp

Filesize
180KB

Download
memory/4612-132-0x0000000001000000-0x000000000102D000-memory.dmp

Filesize
180KB

Download
memory/4892-145-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/4892-153-0x0000000010000000-0x0000000010004000-memory.dmp

Filesize
16KB

Download
memory/4952-152-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/4952-154-0x0000000010000000-0x0000000010004000-memory.dmp

Filesize
16KB

Download